Bug#658739: Left out a step

Ken Stailey kstailey at yahoo.com
Sun Feb 5 17:37:52 UTC 2012


Reproducing:

1. Install an OpenLDAP server that speaks LDAP over SSL.

2. Install Debian Testing or Unstable and configure it to be an LDAP
client that connects to its LDAP server via SSL.

3. Log into the Debian system created in step using an LDAP account,
not an account in /etc/passwd.

4. Attempt to use sudo. You will see unexpected results:

$ sudo id
[sudo] password for user:
sudo: setresuid(ROOT_UID, ROOT_UID, ROOT_UID): Operation not permitted
sudo: unable to open /var/lib/sudo/user/1: Operation not permitted
sudo: unable to set gid to runas gid 0: Operation not permitted
sudo: unable to execute /usr/bin/id: Operation not permitted
$


5. Patch system:

apt-get build-dep libgnutls26

apt-get source gnutls26
to fetch the source for gnutls26-2.12.14
then chop out
--with-libgcrypt
from the debian/rules file

and rebuild gnutls26
debuild -i -uc -us -b
and install the resulting .deb files.

6. Attempt to use sudo. You will see expected results:

$ sudo id
[sudo] password for user:
uid=0(root) gid=0(root) groups=0(root)
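
The debian/rules edit in step 5 can be scripted and its result checked. This is an added example, not part of the original message: the function names and the sample fragment in the comment are constructed, and it assumes the flag appears as a separate word in debian/rules and that objdump (binutils) is available for the check.

```shell
#!/bin/sh
# Added example: remove --with-libgcrypt from debian/rules (step 5) and
# check whether a built library still depends on libgcrypt directly.
#
# Constructed sample of the kind of fragment this handles:
#   CONFIGURE_FLAGS = \
#           --enable-ld-version-script \
#           --with-libgcrypt \
#           --disable-guile

FLAG='--with-libgcrypt'
# Match the flag only as a whole word, so a longer option that merely
# starts with the same text is left alone.
PATTERN="(^|[[:space:]])${FLAG}([[:space:]]|\$)"

# strip_gcrypt_flag FILE
# Returns 0 if the flag was removed, 1 if it was not present.
strip_gcrypt_flag() {
    rules=$1
    grep -Eq -e "$PATTERN" "$rules" || return 1
    tmp=$(mktemp) || return 2
    # Keep the surrounding whitespace so a trailing line-continuation
    # backslash on the same line survives the edit.
    sed -E "s/${PATTERN}/\\1\\2/g" "$rules" > "$tmp" &&
        # Write back through the original file instead of renaming the
        # temporary one: debian/rules must keep its executable bit.
        cat "$tmp" > "$rules"
    status=$?
    rm -f "$tmp"
    return $status
}

# needs_gcrypt
# Reads `objdump -p LIBRARY` output on stdin and succeeds if libgcrypt
# is listed as a direct (NEEDED) dependency.
needs_gcrypt() {
    grep -Eq 'NEEDED[[:space:]]+libgcrypt\.so'
}

# Usage, run from the unpacked source tree before debuild:
#   strip_gcrypt_flag debian/rules || echo "flag not found"
# and after the build, on the rebuilt shared library:
#   objdump -p PATH_TO_BUILT_LIBGNUTLS | needs_gcrypt && echo "still linked"
```
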





